ID

VAR-202405-0156


CVE

CVE-2024-33495


TITLE

Siemens SIMATIC RTLS Locating Manager Resource Allocation Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24516

DESCRIPTION

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries, which could potentially lead to a denial of service condition. Successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices; SIMATIC RTLS is a real-time wireless location system that provides location solutions.

Trust: 1.44

sources: NVD: CVE-2024-33495 // CNVD: CNVD-2024-24516

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24516

AFFECTED PRODUCTS

vendor: siemens
model: simatic rtls locating manager
scope: lt
version: v3.0.1.1

Trust: 4.2

sources: CNVD: CNVD-2024-24516

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-33495
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-24516
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-24516
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-33495
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24516 // NVD: CVE-2024-33495

PROBLEMTYPE DATA

problemtype: CWE-770

Trust: 1.0

sources: NVD: CVE-2024-33495

PATCH

title: Patch for Siemens SIMATIC RTLS Locating Manager Resource Allocation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/547626

Trust: 0.6

sources: CNVD: CNVD-2024-24516

EXTERNAL IDS

db: NVD, id: CVE-2024-33495

Trust: 1.6

db: SIEMENS, id: SSA-093430

Trust: 1.6

db: CNVD, id: CNVD-2024-24516

Trust: 0.6

sources: CNVD: CNVD-2024-24516 // NVD: CVE-2024-33495

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

Trust: 1.6

sources: CNVD: CNVD-2024-24516 // NVD: CVE-2024-33495

SOURCES

db: CNVD, id: CNVD-2024-24516
db: NVD, id: CVE-2024-33495

LAST UPDATE DATE

2024-08-14T13:41:07.085000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-24516, date: 2024-05-28T00:00:00
db: NVD, id: CVE-2024-33495, date: 2024-06-11T12:15:15.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-24516, date: 2024-05-30T00:00:00
db: NVD, id: CVE-2024-33495, date: 2024-05-14T16:17:18.490